General Data Protection Regulation (GDPR) - Saviour Cachia, Commissioner, Office of the Information and Data Protection Commissioner - PowerPoint PPT Presentation

SLIDE 1

General Data Protection Regulation (GDPR)

Saviour Cachia - Commissioner, Office of the Information and Data Protection Commissioner

SLIDE 2

www.idpc.org.mt 1

Regulation (EU) 2016/679 ... on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

SLIDE 3

Current DP Legal Instruments

EU DP Legal Framework

  • Directive 95/46 (DP Directive)
  • Directive 2002/58 (e-Privacy Directive)
  • Council Decisions (Police and Judicial co-operation)

Council of Europe

  • Convention 108 (ratified 28 Feb. 2003)
  • Rec. 87/15 (Police Sector)

National Law

  • Data Protection Act (Cap. 440)
  • S.L. 440.01 (Electronic Comms.)
  • S.L. 440.05 (Police)
  • S.L. 440.06 (Police and Judicial co-operation)
  • Other S.L.
SLIDE 4

Reasons for Change

  • Rapid technological developments
  • Globalisation – increase in e-Commerce
  • Rebalancing of rights in a digital world
  • More Accountability
  • Stronger enforcement for more effective protection
  • Consistency and harmonisation across the EU
  • Provide legal certainty for economic operators
  • EU’s Digital Agenda – rebalancing of rights
SLIDE 5

Future DP Legal Instruments

EU DP Reform Package

  • General DP Regulation (Regulation (EU) 2016/679)
  • Police Directive (Directive (EU) 2016/680)

  Supplemented by:

  • e-Privacy Regulation
  • CoE Convention 108 Modernised

National Law

  • General DP Regulation (Regulation (EU) 2016/679)
  • DPA & S.L.
  • S.L. transposing the Police Directive

  Supplemented by:

  • e-Privacy Regulation
  • CoE Convention 108 to be ratified
SLIDE 6

What is DP?

Creating the right balance between:

  • Rights of data subjects: Individuals / Clients; Employees
  • Need for data processing: Business / Government Organisations; Employers

SLIDE 7

Basic DP Compliance

  • Identify the legal basis
      • e.g. legal obligation, contract, legitimate interest
  • Observe the requirements for processing
      • purpose & storage limitation, safeguards, data minimisation
  • Ensure data subjects' rights
      • Information prior to processing (DP policies)
      • Subject Access Requests – copies of data
      • Requests for rectification, blocking or deletion
  • Controller – Processor relationship governed by a contract
      • Controller remains responsible
      • Liability clauses in case of data breaches
  • Transborder data flows

SLIDE 9

Data Retention Considerations

Legal obligations, e.g.:

  • Income Tax Management Act
  • Value Added Tax Act
  • Social Security Act

Business and administrative requirements, e.g.:

  • Marketing
  • Billing and accounting
  • Customer care and after-sales service

Fix reasonable retention periods which can be justified to the IDPC when required. Data subjects are to be informed of the retention period at the collection stage!

SLIDE 10

Powers of the Commissioner

Investigative powers

  • enter and search any premises and access all information;

Corrective powers

  • warnings and reprimands; rectification or erasure; ban on processing;
  • administrative fines [effective, proportionate and dissuasive – up to €20 M or 4% of total worldwide annual turnover, whichever is higher];

Authorisation and advisory powers

  • processing subject to prior checking; codes of conduct; certification bodies;
  • advise the Parliament, Government and the general public;

Engage in legal proceedings

  • Data Protection Appeals Tribunal and Court of Appeal – for persons aggrieved by a decision;
  • may institute proceedings in a Court of law against any person.
SLIDE 11

Organisational Challenges

  • Identify current/new processing operations and map to a legal basis
  • Increase awareness (top-down approach)
  • Strengthen Data Protection Structures
  • DPO (if applicable) needs to operate in accordance with GDPR
  • Introduce DP by Design in systems
  • Carry out DP Impact Assessments for processing operations
  • Determine retention periods
  • Prepare to give “copy” of data to data subjects when requested
  • Prepare for dealing with data breaches
SLIDE 12

Final Key Messages

Continuity and change are both of utmost importance

  • Compliance with the current DP regime is a very good start
  • Organisations must identify what is new and different for them

IDPC is there to help and guide as necessary. IDPC is also there to regulate.

SLIDE 13

Ready – Steady - Go!